VYPR

apk package

wolfi/geckodriver

pkg:apk/wolfi/geckodriver

Vulnerabilities (4)

  • CVE-2026-25727Feb 6, 2026
    affected < 0.36.0-r5fixed 0.36.0-r5

    time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used

  • CVE-2026-25541Feb 4, 2026
    affected < 0.36.0-r4fixed 0.36.0-r4

    Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, if the condition "v_capacity >= new_cap + offset" uses an unchecked addition. Whe

  • CVE-2024-12224May 30, 2025
    affected < 0.35.0-r1fixed 0.35.0-r1

    Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

  • CVE-2025-29787HigMar 17, 2025
    affected < 0.36.0-r1fixed 0.36.0-r1

    `zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used f